diff --git a/ChangeLog b/ChangeLog index 7f4bf72cd74..a8241b7557a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -45,6 +45,10 @@ NEW: Accountancy - Add possibility for specific format FEC to sort with the FEC NEW: Accountancy - Expense report - Add an option to use end period for transfer (#26706) NEW: Accountancy - Show accounting result on balance NEW: Accountancy - Show import key if exist (#29265) +NEW: Accountancy - Auto-determine piece number in FEC import (#29672) +NEW: Accountancy - Option to transfer only reconciled lines from bank (#29408) +NEW: Accountancy - Separation of accounting default account for salary and expense report +NEW: Various payment - Use list of accounting account when edit (#27992) NEW: Add option to change all service dates at once NEW: Add a default limit in nb to agenda export NEW: Add a Feedback-ID into email headers @@ -97,7 +101,6 @@ NEW: Allow smileys into emailing html content NEW: Allow to set a default project for POS sales (#27042) NEW: animation for display spinner when waiting response NEW: Asset Module - make asset model creation in a single step (#26982) -NEW: auto-determine piece number in FEC import (#29672) NEW: auto fill infos in template email NEW: Automatically fill matching extra fields of object on line creation. (#27240) NEW: Can add documents on a payment (#29660) @@ -134,7 +137,7 @@ NEW: fetch object by element for website account card NEW: filter on sale representative in contact list NEW: Filter shipments by selecting multiple shipping methods (#28376) NEW: Font param Look and Feel (#29302) -NEW: fuctionnality for stock configuration prompt in AI module (#28030) +NEW: functionality for stock configuration prompt in AI module (#28030) NEW: functionality to delete contact of company list NEW: functionality to display codebar on pdf files (#29623) NEW: functionality to list event for user 
@@ -166,7 +169,6 @@ NEW: notification action triggers for cancelling orders and invoices NEW: now button when editing an event NEW: online signature of shipments (#29559) NEW: On OAuth Google login, no prompt at all if already logged in Google -NEW: Option to transfer only reconciliated lines from bank (#29408) NEW: Param to show main menu logo in color look and feel (#29305) NEW: Payment page received from donations NEW: possibility to define a completely inactive module (#29289) @@ -179,7 +181,6 @@ NEW: resource address, phone, email & maxusers (#28185) NEW: Script for fast identification of missing/unused/duplicate translations NEW: search member by date NEW: See the documents of my subordinates (#28318) -NEW: separation of expense report from salary accounting code NEW: Show error on ical parse NEW: Show the profit per attendee on events NEW: signed status CRUD to contract and fichinter @@ -206,7 +207,6 @@ NEW: Update expense report card.php to allow pdf preview even without thumbnail NEW: update price with auto to use const for rounding prices (#29350) NEW: Use a nicer combo list to select the export accounting format NEW: users can set their own length for short lists -NEW: Various payment - Use list of account when edit (#27992) NEW: warning message when cloning a product whose status is not to sell (#28374) PERF: Performance enhancement on Invoice/Paiement area page PERF: Use cache for loaded users/contact on project list @@ -219,6 +219,7 @@ SEC: Reduce nb of var without WAF used when using the website module For developers or integrators: ------------------------------ +NEW: Situation invoice - Add new official progressive mode - (constant INVOICE_USE_SITUATION = 2) NEW: $noescapetags param of dol_escape_html works if attributes NEW: Add createInvoiceFromContract to API invoice (#27277) NEW: add debugging info to api/status if non-production diff --git a/htdocs/admin/system/perf.php b/htdocs/admin/system/perf.php index 0b02e78e344..44935e91607 100644 
--- a/htdocs/admin/system/perf.php +++ b/htdocs/admin/system/perf.php @@ -660,7 +660,7 @@ if (getDolGlobalInt('MAIN_ACTIVATE_FILECACHE')) { } else { print img_picto('', 'minus', 'class="pictofixedwidth"'); } -print ' '.$form->textwithpicto($langs->trans("EnableFileCache").' ('.$langs->trans("Widgets").')', $langs->trans("Option").' MAIN_ACTIVATE_FILECACHE'); +print $form->textwithpicto($langs->trans("EnableFileCache").' ('.$langs->trans("Widgets").')', $langs->trans("Option").' MAIN_ACTIVATE_FILECACHE'); print ': '.yn(getDolGlobalInt('MAIN_ACTIVATE_FILECACHE')); print '
'; @@ -669,7 +669,7 @@ if (getDolGlobalInt('MAIN_ENABLE_AJAX_TOOLTIP')) { } else { print img_picto('', 'minus', 'class="pictofixedwidth"'); } -print ' MAIN_ENABLE_AJAX_TOOLTIP : '; +print 'MAIN_ENABLE_AJAX_TOOLTIP : '; print yn(getDolGlobalInt('MAIN_ENABLE_AJAX_TOOLTIP')); print '
'; diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php index 42fb6b8ac3e..9671d5a6828 100644 --- a/htdocs/admin/system/security.php +++ b/htdocs/admin/system/security.php @@ -379,11 +379,12 @@ if (empty($dolibarr_main_stream_to_disable)) { } else { print implode(', ', $dolibarr_main_stream_to_disable); } -print ' -> Current PHP streams allowed = '; +print '   -> Current PHP streams allowed = '; $arrayofstreams = stream_get_wrappers(); if (!empty($arrayofstreams)) { sort($arrayofstreams); - print(implode(', ', $arrayofstreams)).'     ('.$langs->trans("Recommended").': '.$langs->trans("TryToKeepOnly", 'file,http,https,php,zip').')'."\n"; + print ''.implode(',', $arrayofstreams).''; + print '     ('.$langs->trans("Recommended").': '.$langs->trans("TryToKeepOnly", 'file,http,https,php,zip').')'."\n"; } print ''; diff --git a/htdocs/admin/ticket.php b/htdocs/admin/ticket.php index 8ae5a83cb02..d8e5f342494 100644 --- a/htdocs/admin/ticket.php +++ b/htdocs/admin/ticket.php @@ -167,21 +167,12 @@ if ($action == 'updateMask') { $error++; } - if (GETPOSTISSET('product_category_id')) { - $param_ticket_product_category = GETPOSTINT('product_category_id'); - $res = dolibarr_set_const($db, 'TICKET_PRODUCT_CATEGORY', $param_ticket_product_category, 'chaine', 0, '', $conf->entity); - if (!($res > 0)) { - $error++; - } - } - $param_status = GETPOST('TICKET_SET_STATUS_ON_ANSWER'); $res = dolibarr_set_const($db, 'TICKET_SET_STATUS_ON_ANSWER', $param_status, 'chaine', 0, '', $conf->entity); if (!($res > 0)) { $error++; } - $param_delay_first_response = GETPOSTINT('delay_first_response'); $res = dolibarr_set_const($db, 'TICKET_DELAY_BEFORE_FIRST_RESPONSE', $param_delay_first_response, 'chaine', 0, '', $conf->entity); if (!($res > 0)) { 
@@ -625,37 +616,6 @@ print $formcategory->textwithpicto('', $langs->trans("TicketAutoCheckNotifyThird print ''; print ''; -// Assign contact to a message -print ''.$langs->trans("TicketAssignContactToMessage").''; -print ''; -if ($conf->use_javascript_ajax) { - print ajax_constantonoff('TICKET_ASSIGN_CONTACT_TO_MESSAGE'); -} else { - $arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes")); - print $formcategory->selectarray("TICKET_ASSIGN_CONTACT_TO_MESSAGE", $arrval, getDolGlobalString('TICKET_ASSIGN_CONTACT_TO_MESSAGE')); -} -print ''; -print ''; -print $formcategory->textwithpicto('', $langs->trans("TicketAssignContactToMessageHelp"), 1, 'help'); -print ''; -print ''; - -if (isModEnabled('product')) { - $htmlname = "product_category_id"; - print ''.$langs->trans("TicketChooseProductCategory").''; - print ''; - print img_picto('', 'category', 'class="pictofixedwidth"'); - $formcategory->selectProductCategory(getDolGlobalString('TICKET_PRODUCT_CATEGORY'), $htmlname); - if ($conf->use_javascript_ajax) { - print ajax_combobox('select_'.$htmlname); - } - print ''; - print ''; - print $formcategory->textwithpicto('', $langs->trans("TicketChooseProductCategoryHelp"), 1, 'help'); - print ''; - print ''; -} - print ''; print ''.$langs->trans("TicketsDelayBeforeFirstAnswer").""; print ' diff --git a/htdocs/admin/ticket_public.php b/htdocs/admin/ticket_public.php index 42bd9cc8900..7bb8e2c0b9d 100644 --- a/htdocs/admin/ticket_public.php +++ b/htdocs/admin/ticket_public.php @@ -28,6 +28,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT."/core/lib/admin.lib.php"; require_once DOL_DOCUMENT_ROOT."/ticket/class/ticket.class.php"; require_once DOL_DOCUMENT_ROOT."/core/lib/ticket.lib.php"; +require_once DOL_DOCUMENT_ROOT."/core/class/html.formcategory.class.php"; // Load translation files required by the page $langs->loadLangs(array("admin", "ticket")); 
@@ -221,6 +222,7 @@ if ($action != '') { $dirmodels = array_merge(array('/'), (array) $conf->modules_parts['models']); $form = new Form($db); +$formcategory = new FormCategory($db); $help_url = "FR:Module_Ticket"; $page_name = "TicketSetup"; @@ -414,7 +416,7 @@ if (getDolGlobalInt('TICKET_ENABLE_PUBLIC_INTERFACE')) { } if (empty($conf->use_javascript_ajax)) { - print ''; + print ''; print ''; } @@ -458,9 +460,29 @@ if (getDolGlobalInt('TICKET_ENABLE_PUBLIC_INTERFACE')) { print $form->textwithpicto('', $langs->trans("TicketPublicInterfaceTextHelpMessageHelpAdmin"), 1, 'help'); print ''; + // Add first contact id found in database from submitter email entered into public interface + // Feature disabled: This has a security trouble. The public interface is a no login interface, so being able to show the contact info from an + // email decided by the submiter allows anybody to get information on any contact (customer or supplier) in Dolibarr database. + // He can even check if contact exists by trying any email if this feature is enabled. + /* + print ''.$langs->trans("TicketAssignContactToMessage").''; + print ''; + if ($conf->use_javascript_ajax) { + print ajax_constantonoff('TICKET_ASSIGN_CONTACT_TO_MESSAGE'); + } else { + $arrval = array('0' => $langs->trans("No"), '1' => $langs->trans("Yes")); + print $formcategory->selectarray("TICKET_ASSIGN_CONTACT_TO_MESSAGE", $arrval, getDolGlobalString('TICKET_ASSIGN_CONTACT_TO_MESSAGE')); + } + print ''; + print ''; + print $formcategory->textwithpicto('', $langs->trans("TicketAssignContactToMessageHelp"), 1, 'help'); + print ''; + print ''; + */ + // Url public interface $url_interface = getDolGlobalString("TICKET_URL_PUBLIC_INTERFACE"); - print ''.$langs->trans("UrlPublicInterfaceLabelAdmin").''; + print ''.$langs->trans("UrlPublicInterfaceLabelAdmin").''; print ''; print ''; print ''; @@ -470,15 +492,17 @@ if (getDolGlobalInt('TICKET_ENABLE_PUBLIC_INTERFACE')) { print ''; + print '
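Review bot: The disabled option is kept as a block of commented-out `print` statements under the new "Feature disabled" comment, which leaves dead code in an admin page and gives no pointer to where the decision is tracked. Deleting the block and keeping only an explanatory comment would be clearer, for example `// TICKET_ASSIGN_CONTACT_TO_MESSAGE is no longer offered in setup: on the no-login public form it lets a submitter learn whether a contact exists for any email.` In the hunks visible here, `$formcategory = new FormCategory($db);` and the added `require_once` are referenced only from inside that commented block, so they look unused unless code outside these hunks needs them. The comment also misspells "submitter" as "submiter".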

'; + print load_fiche_titre($langs->trans("Emails")); print '
'; print ''; // Activate email creation to user - print ''; print ''; // Activate email notification when a new message is added - print ''; print ''; // Send notification when a new message is added to a email if a user is not assigned to the ticket - print ''; diff --git a/htdocs/admin/workflow.php b/htdocs/admin/workflow.php index d5ba9c88431..3272e7174dc 100644 --- a/htdocs/admin/workflow.php +++ b/htdocs/admin/workflow.php @@ -234,6 +234,12 @@ $workflowcodes = array_filter( } ); +if ($action == 'setvarworkflow') { // Test on permission already done + if (GETPOSTISSET('product_category_id')) { + $param_ticket_product_category = GETPOSTINT('product_category_id'); + $res = dolibarr_set_const($db, 'TICKET_PRODUCT_CATEGORY', $param_ticket_product_category, 'chaine', 0, '', $conf->entity); + } +} /* @@ -261,22 +267,30 @@ if (count($workflowcodes) < 1) { // Sort on position $workflowcodes = dol_sort_array($workflowcodes, 'position'); -print '
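Review bot: The return value of `dolibarr_set_const()` in the added `setvarworkflow` block is assigned to `$res` and never read, so a failed write of `TICKET_PRODUCT_CATEGORY` is silent. The code this replaces in `htdocs/admin/ticket.php` counted the failure with `if (!($res > 0)) { $error++; }`; restoring that check, or reporting the failure through whatever message mechanism this page already uses, keeps an administrator from assuming the setting was saved. The trailing comment `// Test on permission already done` refers to code outside this hunk, so it is worth confirming that both the admin check and the anti-CSRF token check run before this block is reached.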
'; + print '
'; print $form->textwithpicto($langs->trans("TicketsDisableCustomerEmail"), $langs->trans("TicketsDisableEmailHelp"), 1, 'help'); print ''; @@ -493,7 +517,7 @@ if (getDolGlobalInt('TICKET_ENABLE_PUBLIC_INTERFACE')) { // Text of email after creatio of a ticket $mail_mesg_new = getDolGlobalString("TICKET_MESSAGE_MAIL_NEW", $langs->trans('TicketNewEmailBody')); - print '
'; + print '
'; print $form->textwithpicto($langs->trans("TicketNewEmailBodyLabel"), $langs->trans("TicketNewEmailBodyHelp"), 1, 'help'); print ''; print ''; @@ -504,7 +528,7 @@ if (getDolGlobalInt('TICKET_ENABLE_PUBLIC_INTERFACE')) { print '
'; + print '
'; print $form->textwithpicto($langs->trans("TicketsPublicNotificationNewMessage"), $langs->trans("TicketsPublicNotificationNewMessageHelp"), 1, 'help'); print ''; @@ -518,7 +542,7 @@ if (getDolGlobalInt('TICKET_ENABLE_PUBLIC_INTERFACE')) { print '
'; + print '
'; print $form->textwithpicto($langs->trans("TicketPublicNotificationNewMessageDefaultEmail"), $langs->trans("TicketPublicNotificationNewMessageDefaultEmailHelp"), 1, 'help'); print ''; print '
'; +print ''; +print ''; +print ''; +print ''; $oldfamily = ''; +$tableopen = 0; +$atleastoneline = 0; foreach ($workflowcodes as $key => $params) { if ($params['family'] == 'separator') { - print '
'; - print '
'; - - print ''; + if ($atleastoneline) { + print '
'; + print '
'; + $oldfamily = ''; + $atleastoneline = 0; + } continue; } $reg = array(); if ($oldfamily != $params['family']) { + // New group if ($params['family'] == 'create') { $header = $langs->trans("AutomaticCreation"); } elseif (preg_match('/classify_(.*)/', $params['family'], $reg)) { @@ -308,6 +322,9 @@ foreach ($workflowcodes as $key => $params) { $header = $langs->trans("Description"); } + print ''; + $tableopen = 1; + print ''; print ''; print ''; @@ -316,6 +333,8 @@ foreach ($workflowcodes as $key => $params) { $oldfamily = $params['family']; } + $atleastoneline = 1; + print ''; print ''; print ''; } -print '
'.$header.''.$langs->trans("Status").'
'; print img_object('', $params['picto'], 'class="pictofixedwidth"'); @@ -328,6 +347,26 @@ foreach ($workflowcodes as $key => $params) { print ' '.img_warning($langs->transnoentitiesnoconv("Deprecated")); } + if ($key == 'WORKFLOW_TICKET_LINK_CONTRACT' && getDolGlobalString('WORKFLOW_TICKET_LINK_CONTRACT')) { + require_once DOL_DOCUMENT_ROOT."/core/class/html.formcategory.class.php"; + + $formcategory = new FormCategory($db); + + $htmlname = "product_category_id"; + print '
'; + print $formcategory->textwithpicto($langs->trans("TicketChooseProductCategory"), $langs->trans("TicketChooseProductCategoryHelp"), 1, 'help'); + if (isModEnabled('category')) { + print '   '.img_picto('', 'category', 'class="pictofixedwidth"'); + $formcategory->selectProductCategory(getDolGlobalInt('TICKET_PRODUCT_CATEGORY'), $htmlname, 1); + if ($conf->use_javascript_ajax) { + print ajax_combobox('select_'.$htmlname); + } + print ''; + } else { + print 'Module category must be enabled'; + } + } + print '
'; @@ -354,7 +393,12 @@ foreach ($workflowcodes as $key => $params) { print '
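Review bot: The fallback `print 'Module category must be enabled';` emits a hard-coded English string, while the other labels in this added block go through `$langs->trans()`. It should use a translation key, e.g. `print $langs->trans("ModuleCategoryMustBeEnabled");`, with the key added to the language file (the key name is a suggestion, not an existing one). The block also loads `html.formcategory.class.php` and builds a `FormCategory` inside the `foreach`; hoisting both above the loop would keep the loop body to rendering. The loop body continues outside the hunk.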
'; +if ($tableopen) { + print ''; +} + +print ''; + // End of page llxFooter(); diff --git a/htdocs/core/class/html.formcategory.class.php b/htdocs/core/class/html.formcategory.class.php index 193967845ab..731559ed119 100644 --- a/htdocs/core/class/html.formcategory.class.php +++ b/htdocs/core/class/html.formcategory.class.php @@ -23,6 +23,7 @@ */ require_once DOL_DOCUMENT_ROOT.'/core/class/html.form.class.php'; +require_once DOL_DOCUMENT_ROOT.'/categories/class/categorie.class.php'; /** @@ -101,6 +102,8 @@ class FormCategory extends Form /** * Prints a select form for products categories + * TODO Remove this. We should already have a generic method to get list of product category. + * * @param int $selected Id category pre-selection * @param string $htmlname Name of HTML field * @param int $showempty Add an empty field @@ -108,15 +111,14 @@ class FormCategory extends Form */ public function selectProductCategory($selected = 0, $htmlname = 'product_category_id', $showempty = 0) { - $sql = "SELECT cp.fk_categorie as cat_index, cat.label"; - $sql .= " FROM ".MAIN_DB_PREFIX."categorie_product as cp"; - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."categorie as cat ON cat.rowid = cp.fk_categorie"; - $sql .= " GROUP BY cp.fk_categorie, cat.label"; + $sql = "SELECT cat.rowid, cat.label"; + $sql .= " FROM ".MAIN_DB_PREFIX."categorie as cat"; + $sql .= " WHERE cat.type = 0"; dol_syslog(get_class($this)."::selectProductCategory", LOG_DEBUG); $resql = $this->db->query($sql); if ($resql) { - print ''; if ($showempty) { print ''; } @@ -125,10 +127,10 @@ class FormCategory extends Form $num_rows = $this->db->num_rows($resql); while ($i < $num_rows) { $category = $this->db->fetch_object($resql); - if ($selected && $selected == $category->cat_index) { - print ''; + if ($selected && $selected == $category->rowid) { + print ''; } else { - print ''; + print ''; } $i++; } 
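Review bot: The rewritten query in `selectProductCategory()` selects every row of `categorie` with `cat.type = 0` and shows no entity restriction, so in a multi-entity installation the list may include categories that belong to other entities; if the table is entity-scoped, add the project's usual entity filter to the `WHERE` clause. The literal `0` is also unexplained: a short comment such as `// type 0: product categories (confirm against Categorie)` would make the intent checkable, and would justify the new `require_once` of `categorie.class.php`, which nothing in the visible hunks uses. The markup inside the `print` calls is not visible in this rendering, so confirm that `$category->label` is HTML-escaped where it is written into each option. The method body continues outside the hunk.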
diff --git a/htdocs/core/class/html.formother.class.php b/htdocs/core/class/html.formother.class.php index 37e7c6c538d..b3512736545 100644 --- a/htdocs/core/class/html.formother.class.php +++ b/htdocs/core/class/html.formother.class.php @@ -524,13 +524,13 @@ class FormOther if (!empty($user->socid)) { $sql_usr .= " AND u.fk_soc = ".((int) $user->socid); } - if (getDolGlobalString('USER_HIDE_NONEMPLOYEE_IN_COMBOBOX')) { + if (getDolUserString('USER_HIDE_NONEMPLOYEE_IN_COMBOBOX', getDolGlobalString('USER_HIDE_NONEMPLOYEE_IN_COMBOBOX'))) { $sql_usr .= " AND u.employee <> 0"; } - if (getDolGlobalString('USER_HIDE_EXTERNAL_IN_COMBOBOX')) { + if (getDolUserString('USER_HIDE_EXTERNAL_IN_COMBOBOX', getDolGlobalString('USER_HIDE_EXTERNAL_IN_COMBOBOX'))) { $sql_usr .= " AND u.fk_soc IS NULL"; } - if (getDolGlobalString('USER_HIDE_INACTIVE_IN_COMBOBOX')) { + if (getDolUserString('USER_HIDE_INACTIVE_IN_COMBOBOX', getDolGlobalString('USER_HIDE_INACTIVE_IN_COMBOBOX'))) { // Can be set in setup of module User. $sql_usr .= " AND u.statut <> 0"; } diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index ba47361a40b..5d449de78eb 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -263,7 +263,7 @@ function getDolUserString($key, $default = '', $tmpuser = null) $tmpuser = $user; } - return (string) (empty($tmpuser->conf->$key) ? $default : $tmpuser->conf->$key); + return (string) (isset($tmpuser->conf->$key) ? $tmpuser->conf->$key : $default); } /** @@ -281,7 +281,7 @@ function getDolUserInt($key, $default = 0, $tmpuser = null) $tmpuser = $user; } - return (int) (empty($tmpuser->conf->$key) ? $default : $tmpuser->conf->$key); + return (int) (isset($tmpuser->conf->$key) ? $tmpuser->conf->$key: $default); } 
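Review bot: Switching `getDolUserString()` and `getDolUserInt()` from `empty()` to `isset()` means a per-user value of `'0'` or `''` now wins over the default, and in `FormOther` the default passed in is the global setting, so a user-level `USER_HIDE_EXTERNAL_IN_COMBOBOX` of `0` switches off a filter the administrator enabled globally (the NONEMPLOYEE and INACTIVE variants behave the same way). If users can write their own `conf` values, which these hunks do not show, that lets a user widen which accounts the combobox lists; consider applying the filter when either level enables it, e.g. `if (getDolGlobalString('USER_HIDE_EXTERNAL_IN_COMBOBOX') || getDolUserString('USER_HIDE_EXTERNAL_IN_COMBOBOX')) {`. The new semantics also reach every existing caller of the two helpers, so they deserve a line in both docblocks. Minor: the added line in `getDolUserInt()` lacks the space before the colon (`$tmpuser->conf->$key: $default`).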
@@ -8413,7 +8413,7 @@ function dol_htmlwithnojs($stringtoencode, $nouseofiframesandbox = 0, $check = ' // Keep only some html tags and remove also some 'javascript:' strings if ($check == 'restricthtmlallowlinkscript') { $out = dol_string_onlythesehtmltags($out, 0, 1, 0, 0, array(), 1, 1); - } elseif ($check == 'restricthtmlallowclass') { + } elseif ($check == 'restricthtmlallowclass' || $check == 'restricthtmlallowunvalid') { $out = dol_string_onlythesehtmltags($out, 0, 0, 1); } else { $out = dol_string_onlythesehtmltags($out, 0, 1, 1); diff --git a/htdocs/core/modules/modSociete.class.php b/htdocs/core/modules/modSociete.class.php index 9bc4a00a897..ff74d724d8d 100644 --- a/htdocs/core/modules/modSociete.class.php +++ b/htdocs/core/modules/modSociete.class.php @@ -107,13 +107,13 @@ class modSociete extends DolibarrModules $r++; /* - $this->const[$r][0] = "COMPANY_HIDE_INACTIVE_IN_COMBOBOX"; - $this->const[$r][1] = "chaine"; - $this->const[$r][2] = "0"; - $this->const[$r][3] = "hide thirdparty customer inative in combobox"; - $this->const[$r][4] = 1; - $r++; - */ + $this->const[$r][0] = "COMPANY_HIDE_INACTIVE_IN_COMBOBOX"; + $this->const[$r][1] = "chaine"; + $this->const[$r][2] = "0"; + $this->const[$r][3] = "hide thirdparty customer inative in combobox"; + $this->const[$r][4] = 1; + $r++; + */ $this->const[$r][0] = "SOCIETE_ADD_REF_IN_LIST"; $this->const[$r][1] = "yesno"; 
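Review bot: With this change `'restricthtmlallowunvalid'` takes the same `dol_string_onlythesehtmltags($out, 0, 0, 1)` call as `'restricthtmlallowclass'`, where before it fell through to the `else` branch with `(0, 1, 1)`, so the check name now relaxes more than it says and nothing in the hunk documents that. A comment on the branch, e.g. `// 'restricthtmlallowunvalid' is filtered like 'restricthtmlallowclass' (third argument 0 instead of 1)`, and a matching line in the function's docblock would tell callers what they opt into. Because this sanitizer is shared, it is worth listing the existing callers that pass `restricthtmlallowunvalid` and confirming that each one tolerates the wider output. The function body starts and ends outside the hunk.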
@@ -144,21 +144,21 @@ class modSociete extends DolibarrModules $this->rights[$r][4] = 'lire'; /*$r++; - $this->rights[$r][0] = 241; - $this->rights[$r][1] = 'Read thirdparties customers'; - $this->rights[$r][2] = 'r'; - $this->rights[$r][3] = 0; - $this->rights[$r][4] = 'thirdparty_customer_advance'; // Visible if option MAIN_USE_ADVANCED_PERMS is on - $this->rights[$r][5] = 'read'; + $this->rights[$r][0] = 241; + $this->rights[$r][1] = 'Read thirdparties customers'; + $this->rights[$r][2] = 'r'; + $this->rights[$r][3] = 0; + $this->rights[$r][4] = 'thirdparty_customer_advance'; // Visible if option MAIN_USE_ADVANCED_PERMS is on + $this->rights[$r][5] = 'read'; - $r++; - $this->rights[$r][0] = 242; - $this->rights[$r][1] = 'Read thirdparties suppliers'; - $this->rights[$r][2] = 'r'; - $this->rights[$r][3] = 0; - $this->rights[$r][4] = 'thirdparty_supplier_advance'; // Visible if option MAIN_USE_ADVANCED_PERMS is on - $this->rights[$r][5] = 'read'; - */ + $r++; + $this->rights[$r][0] = 242; + $this->rights[$r][1] = 'Read thirdparties suppliers'; + $this->rights[$r][2] = 'r'; + $this->rights[$r][3] = 0; + $this->rights[$r][4] = 'thirdparty_supplier_advance'; // Visible if option MAIN_USE_ADVANCED_PERMS is on + $this->rights[$r][5] = 'read'; + */ $r++; $this->rights[$r][0] = 122; // id de la permission 
@@ -168,21 +168,21 @@ class modSociete extends DolibarrModules $this->rights[$r][4] = 'creer'; /* $r++; - $this->rights[$r][0] = 251; - $this->rights[$r][1] = 'Create thirdparties customers'; - $this->rights[$r][2] = 'r'; - $this->rights[$r][3] = 0; - $this->rights[$r][4] = 'thirdparty_customer_advance'; // Visible if option MAIN_USE_ADVANCED_PERMS is on - $this->rights[$r][5] = 'read'; + $this->rights[$r][0] = 251; + $this->rights[$r][1] = 'Create thirdparties customers'; + $this->rights[$r][2] = 'r'; + $this->rights[$r][3] = 0; + $this->rights[$r][4] = 'thirdparty_customer_advance'; // Visible if option MAIN_USE_ADVANCED_PERMS is on + $this->rights[$r][5] = 'read'; - $r++; - $this->rights[$r][0] = 252; - $this->rights[$r][1] = 'Create thirdparties suppliers'; - $this->rights[$r][2] = 'r'; - $this->rights[$r][3] = 0; - $this->rights[$r][4] = 'thirdparty_supplier_advance'; // Visible if option MAIN_USE_ADVANCED_PERMS is on - $this->rights[$r][5] = 'read'; - */ + $r++; + $this->rights[$r][0] = 252; + $this->rights[$r][1] = 'Create thirdparties suppliers'; + $this->rights[$r][2] = 'r'; + $this->rights[$r][3] = 0; + $this->rights[$r][4] = 'thirdparty_supplier_advance'; // Visible if option MAIN_USE_ADVANCED_PERMS is on + $this->rights[$r][5] = 'read'; + */ $r++; $this->rights[$r][0] = 125; // id de la permission 
@@ -215,14 +215,14 @@ class modSociete extends DolibarrModules $this->rights[$r][5] = 'voir'; /* - $r++; - $this->rights[$r][0] = 263; - $this->rights[$r][1] = 'Read all third parties (without their objects) by internal users (otherwise only if commercial contact). Not effective for external users (limited to themselves).'; - $this->rights[$r][2] = 'r'; - $this->rights[$r][3] = 0; - $this->rights[$r][4] = 'client'; - $this->rights[$r][5] = 'readallthirdparties_advance'; - */ + $r++; + $this->rights[$r][0] = 263; + $this->rights[$r][1] = 'Read all third parties (without their objects) by internal users (otherwise only if commercial contact). Not effective for external users (limited to themselves).'; + $this->rights[$r][2] = 'r'; + $this->rights[$r][3] = 0; + $this->rights[$r][4] = 'client'; + $this->rights[$r][5] = 'readallthirdparties_advance'; + */ $r++; $this->rights[$r][0] = 281; // id de la permission @@ -411,6 +411,7 @@ class modSociete extends DolibarrModules 's.code_compta' => "company", 's.code_compta_fournisseur' => "company", 's.client' => "company", 's.fournisseur' => "company", 's.address' => "company", 's.zip' => "company", 's.town' => "company", 's.phone' => "company", 's.email' => "company", + 's.note_private' => 'company', 's.note_public' => "company", 't.code' => "company", 's.entity' => 'company', ); // We define here only fields that use another picto 
@@ -685,24 +686,24 @@ class modSociete extends DolibarrModules 'table_element' => 'c_stcomm' ), /* - 's.fk_prospectlevel' => array( - 'rule' => 'fetchidfromcodeid', - 'classfile' => '/core/class/cgenericdic.class.php', - 'class' => 'CGenericDic', - 'method' => 'fetch', - 'dict' => 'DictionaryProspectLevel', - 'element' => 'c_prospectlevel', - 'table_element' => 'c_prospectlevel' - ),*/ - // TODO - // 's.fk_incoterms' => array( - // 'rule' => 'fetchidfromcodeid', - // 'classfile' => '/core/class/cincoterm.class.php', - // 'class' => 'Cincoterm', - // 'method' => 'fetch', - // 'dict' => 'IncotermLabel' - // ) - ); + 's.fk_prospectlevel' => array( + 'rule' => 'fetchidfromcodeid', + 'classfile' => '/core/class/cgenericdic.class.php', + 'class' => 'CGenericDic', + 'method' => 'fetch', + 'dict' => 'DictionaryProspectLevel', + 'element' => 'c_prospectlevel', + 'table_element' => 'c_prospectlevel' + ),*/ + // TODO + // 's.fk_incoterms' => array( + // 'rule' => 'fetchidfromcodeid', + // 'classfile' => '/core/class/cincoterm.class.php', + // 'class' => 'Cincoterm', + // 'method' => 'fetch', + // 'dict' => 'IncotermLabel' + // ) + ); //$this->import_convertvalue_array[$r]=array('s.fk_soc'=>array('rule'=>'lastrowid',table='t'); $this->import_regex_array[$r] = array(//field order as per structure of table llx_societe 's.status' => '^[0|1]', @@ -981,7 +982,7 @@ class modSociete extends DolibarrModules 'sr.datec' => 'date used for creating direct debit UMR formatted as '.dol_print_date( dol_now(), '%Y-%m-%d' - ), + ), 'sr.bank' => 'bank name eg: "ING-Direct"', 'sr.code_banque' => 'account sort code (GB)/Routing number (US) eg. "8456"', 'sr.code_guichet' => "bank code for office/branch", 
@@ -1008,8 +1009,8 @@ class modSociete extends DolibarrModules $this->import_fields_array[$r] = array('sr.fk_soc' => "ThirdPartyName*", 'sr.fk_user' => "User*"); $this->import_convertvalue_array[$r] = array( - 'sr.fk_soc' => array('rule' => 'fetchidfromref', 'classfile' => '/societe/class/societe.class.php', 'class' => 'Societe', 'method' => 'fetch', 'element' => 'ThirdParty'), - 'sr.fk_user' => array('rule' => 'fetchidfromref', 'classfile' => '/user/class/user.class.php', 'class' => 'User', 'method' => 'fetch', 'element' => 'User') + 'sr.fk_soc' => array('rule' => 'fetchidfromref', 'classfile' => '/societe/class/societe.class.php', 'class' => 'Societe', 'method' => 'fetch', 'element' => 'ThirdParty'), + 'sr.fk_user' => array('rule' => 'fetchidfromref', 'classfile' => '/user/class/user.class.php', 'class' => 'User', 'method' => 'fetch', 'element' => 'User') ); $this->import_examplevalues_array[$r] = array('sr.fk_soc' => "MyBigCompany", 'sr.fk_user' => "login"); } diff --git a/htdocs/core/modules/modTicket.class.php b/htdocs/core/modules/modTicket.class.php index 90f63d269c1..17e6ecc9430 100644 --- a/htdocs/core/modules/modTicket.class.php +++ b/htdocs/core/modules/modTicket.class.php 
@@ -115,7 +115,7 @@ class modTicket extends DolibarrModules
 5 => array('TICKET_DELAY_BEFORE_FIRST_RESPONSE', 'chaine', '0', 'Maximum wanted elapsed time before a first answer to a ticket (in hours). Display a warning in tickets list if not respected.', 0),
 6 => array('TICKET_DELAY_SINCE_LAST_RESPONSE', 'chaine', '0', 'Maximum wanted elapsed time between two answers on the same ticket (in hours). Display a warning in tickets list if not respected.', 0),
 7 => array('TICKET_NOTIFY_AT_CLOSING', 'chaine', '0', 'Default notify contacts when closing a module', 0),
- 8 => array('TICKET_PRODUCT_CATEGORY', 'chaine', 0, 'The category of product that is being used for ticket accounting', 0),
+ 8 => array('TICKET_PRODUCT_CATEGORY', 'chaine', 0, 'The category of product that is being used to find contract to link to created ticket', 0),
 9 => array('TICKET_NOTIFICATION_EMAIL_FROM', 'chaine', getDolGlobalString('MAIN_MAIL_EMAIL_FROM'), 'Email to use by default as sender for messages sent from Dolibarr', 0),
 10 => array('TICKET_MESSAGE_MAIL_INTRO', 'chaine', $langs->trans('TicketMessageMailIntroText'), 'Introduction text of ticket replies sent from Dolibarr', 0),
 11 => array('TICKET_MESSAGE_MAIL_SIGNATURE', 'chaine', $default_footer, 'Signature to use by default for messages sent from Dolibarr', 0),
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index 9edad25a684..9d3c614b9f0 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -2146,7 +2146,7 @@ COMPANY_DIGITARIA_CLEAN_REGEX=Regex filter to clean value (COMPANY_DIGITARIA_CLE
 DuplicateForbidden=Duplicate forbidden
 RemoveSpecialWords=Clean certain words when generating sub-accounts for customers or suppliers
 RemoveSpecialWordsHelp=Specify the words to be cleaned before calculating the customer or supplier account. Use a ";" between each word
-GDPRContact=Data Protection Officer (DPO, Data Privacy or GDPR contact)
+GDPRContact=Data Protection Officer (DPO, Data Privacy or GDPR contact, ...)
 GDPRContactDesc=If you store personal data in your Information System, you can name the contact who is responsible for the General Data Protection Regulation here
 HelpOnTooltip=Help text to show on tooltip
 HelpOnTooltipDesc=Put text or a translation key here for the text to show in a tooltip when this field appears in a form
diff --git a/htdocs/langs/en_US/ticket.lang b/htdocs/langs/en_US/ticket.lang
index 2c09d5ae25e..c8b257eefcc 100644
--- a/htdocs/langs/en_US/ticket.lang
+++ b/htdocs/langs/en_US/ticket.lang
@@ -134,7 +134,7 @@ TicketsAutoNotifyClose=Automatically notify the third party when closing a ticke TicketsAutoNotifyCloseHelp=When closing a ticket, you will be proposed to send a message to one of third-party contacts. On mass closing, a message will be sent to one contact of the third party linked to the ticket. TicketWrongContact=Provided contact is not part of current ticket contacts. Email not sent. TicketChooseProductCategory=Product category for ticket support -TicketChooseProductCategoryHelp=Select the product category of ticket support. This will be used to automatically link a contract to a ticket. +TicketChooseProductCategoryHelp=Select the product category for support. The category will be used to find all contracts that include a product in this category. All contracts found will be linked to the created ticket. TicketUseCaptchaCode=Use graphical code (CAPTCHA) when creating a ticket TicketUseCaptchaCodeHelp=Adds CAPTCHA verification when creating a new ticket. TicketsAllowClassificationModificationIfClosed=Allow to modify classification of closed tickets diff --git a/htdocs/public/company/new.php b/htdocs/public/company/new.php index 82dfe6dd5e7..e8c79ac9b4a 100644 --- a/htdocs/public/company/new.php +++ b/htdocs/public/company/new.php @@ -215,6 +215,9 @@ if (empty($reshook) && $action == 'add') { // Test on permission not required he if (!$error) { $societe = new Societe($db); + // TODO Support MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS + + $societe->name = GETPOST('name', 'alphanohtml'); $societe->client = GETPOSTINT('client') ? GETPOSTINT('client') : $societe->client; diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index f569115af04..12bdb1d6055 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php 
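Review bot: The added `// TODO Support MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS` in `htdocs/public/company/new.php` suggests that this `add` action, which the context line marks as needing no permission test, has no per-IP submission limit yet, but the comment names neither an owner nor an issue. Until the limit exists, the comment should state the gap explicitly, e.g. `// TODO Support MAIN_SECURITY_MAX_POST_ON_PUBLIC_PAGES_BY_IP_ADDRESS: this public form has no per-IP throttle yet (tracked in ISSUE_ID_PLACEHOLDER)`. The two blank lines added after the comment can be reduced to one. The enclosing `if` block continues outside the hunk.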
@@ -1859,7 +1859,10 @@ class Ticket extends CommonObject $actioncomm->fk_element = $this->id; $actioncomm->fk_project = $this->fk_project; - // add contact id from author email on public interface + // Add first contact id found in database from submitter email entered into public interface + // Feature disabled: This has a security trouble. The public interface is a no login interface, so being able to show the contact info from an + // email decided by the submiter allows anybody to get information on any contact (customer or supplier) in Dolibarr database. + // He can even check if contact exists by trying any email if this feature is enabled. if ($public_area && !empty($this->origin_email) && getDolGlobalString('TICKET_ASSIGN_CONTACT_TO_MESSAGE')) { $contacts = $this->searchContactByEmail($this->origin_email); if (!empty($contacts)) { diff --git a/htdocs/website/index.php b/htdocs/website/index.php index 913649e1670..13da613ff29 100644 --- a/htdocs/website/index.php +++ b/htdocs/website/index.php @@ -342,7 +342,7 @@ if (empty($sortfield)) { } } -$searchkey = GETPOST('searchstring', 'restricthtmlallowclass'); +$searchkey = GETPOST('searchstring', 'restricthtmlallowunvalid'); // or 'none', must be same then $searchstring if ($action == 'replacesite' || $mode == 'replacesite') { // Test on permission not required $containertype = GETPOST('optioncontainertype', 'aZ09') != '-1' ? GETPOST('optioncontainertype', 'aZ09') : ''; @@ -583,7 +583,7 @@ if ($massaction == 'delcategory' && GETPOST('confirmmassaction', 'alpha') && $us // Replacement of string into pages if ($massaction == 'replace' && GETPOST('confirmmassaction', 'alpha') && $usercanedit) { - $replacestring = GETPOST('replacestring', 'none'); + $replacestring = GETPOST('replacestring', 'restricthtmlallowunvalid'); // or 'none', must be same then $searchstring $dolibarrdataroot = preg_replace('/([\\/]+)$/i', '', DOL_DATA_ROOT); $allowimportsite = true;
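Review bot: The new comment in `htdocs/ticket/class/ticket.class.php` says "Feature disabled", yet the branch `if ($public_area && !empty($this->origin_email) && getDolGlobalString('TICKET_ASSIGN_CONTACT_TO_MESSAGE'))` directly below it is unchanged, so an installation that already has the constant set still resolves a contact from the submitter-supplied email. The commit only comments out the admin toggle in `htdocs/admin/ticket_public.php`, which also removes the way to switch the option off from the setup page. Either remove the branch, or make the comment accurate and clear the stored constant during upgrade, e.g. `// Legacy: still honoured when TICKET_ASSIGN_CONTACT_TO_MESSAGE is already set; no longer offered in setup because it discloses contact data on a no-login page`. The enclosing method starts and ends outside the hunk.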
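Review bot: The trailing comment added on the `$searchkey` line in `htdocs/website/index.php`, `// or 'none', must be same then $searchstring`, points at the value being read on that very line, and the identical comment on the `$replacestring` line does not say which pair must match; presumably the intent is that `searchstring` and `replacestring` use the same check. Suggested wording: `// must use the same check as 'replacestring' below` and `// must use the same check as 'searchstring' above`. The `or 'none'` hint is best dropped, since `replacestring` was read with `'none'` before this commit and an edit that follows the hint would undo the filtering just added. Both statements sit at file level, outside any function.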